PERSONAL TOUCH AGREES TO PAY $350,000 FOR DATA HACK
Personal Touch Holding Corporation, a Long-Island-based home health care company, agreed to pay $350,000 to the New York State Attorney’s Office for failing to protect New Yorkers’ health-care data.
The company’s “poor data security” allowed the unauthorized release of personal and medical information for some 316,845 New Yorkers.
Apparently, in January of 2021, an employee fell for a phishing scam, which allowed a hacker access to the company’s network. In addition to the penalty, Personal Touch has agreed to improve its cybesecurity infrastructure, together with incorporating changes to its system-related testing and training practices. (The AG also secured an additional $100k from a software vendor.)
In a written statement, Attorney General James noted that “Health care institutions have a responsibility to safeguard New Yorkers’ wellbeing, but also to protect their confidential and private information …. The security failures by Personal Touch caused undue stress and financial problems for New Yorkers who simply wanted to have access to high-quality health care. My office will always step up and hold companies responsible if their negligence puts New Yorkers’ private information in jeopardy.”
That all seemed quite impersonal to us ....
# # #